Commentary
Content posted in May 2008
Hey: They're Gonna Confiscate Your iPod
Commentary  |  5/30/2008  | 
From border guards to copyright cops. Get busted with ripped music at the border, and you just may have your iPod, notebook, or smartphone confiscated on the spot. Maybe even if you acquired the music legally.
Speed's Dead
Commentary  |  5/30/2008  | 
In my recent article on data deduplication on InformationWeek's sister site, Byte and Switch, a question of speed impact came up. As we talk to customers throughout the storage community about backup priorities, a surprising trend continues: the importance of shrinking the backup window has become less of a priority for disk to disk backup solutions. Why?
Are Your Employee's Phones Secure? All Of Them? Really?
Commentary  |  5/30/2008  | 
Can a single unsecured smartphone compromise your business's security? Looks that way -- and that should make you look hard at who's got phones in your company, and how they're using them.
Die, Comment Spam. Die
Commentary  |  5/29/2008  | 
Blogging software and services provider Six Apart (known for MovableType and TypePad) has unleashed a new anti-comment spam filter, creatively dubbed TypePad AntiSpam. Now how will I get the latest stock-trading tips, body-enhancing drugs, and pharma deals?
Secure Computing Tells Where Your Biggest Insecurity Is: Inside Your Company, That's Where!
Commentary  |  5/29/2008  | 
What are IT security professionals most scared of? Their companies' own employees, that's what.
Finding The Needle, Part One - Saving Money
Commentary  |  5/28/2008  | 
In the last week another new storage startup is launching a new product, another just received another round of funding, and still another announced it was being purchased. This happens almost every day with technology startup companies, especially in storage.
Adobe Flash Player Under Attack
Commentary  |  5/28/2008  | 
Security researchers are warning that an in-the-wild exploit within the Adobe Flash Player has been planted in from 20,000 to 250,000 Web pages. If that wide range of potentially affected Web pages isn't enough disparity for you, try this on: it's not entirely clear what versions of Flash are at risk. Read on...
Cloud Security
Commentary  |  5/28/2008  | 
Making use of cloud computing resources like Google's App Engine, or Salesforce.com, or Amazon S3, while all the rage, still makes some folks nervous. In particular, heads of enterprise development organizations who feel the need to tell their developers, "Nah-ah. Unless it's behind our firewall, you can't use it."
Infrastructure Virtualization
Commentary  |  5/27/2008  | 
Server virtualization helped justify and broaden the use of the SAN by leveraging networked storage to enable features like server motion. In similar fashion, companies such as Scalent Systems are using infrastructure virtualization to further justify and broaden the use of a SAN by bringing those server virtualization capabilities to nonvirtualized systems: the ability to move or start new application instances in a matter of minutes after powering on and bo
Mob Making Cyber Moves: Organized Crime Versus Disorganized Defenses
Commentary  |  5/27/2008  | 
The news that organized crime is now a bigger cyber-havoc player than independent hackers isn't surprising: as Willie Sutton said of banks in the last century, the Net is now "where the money is."
RIM To Indian Government: No Crypto Keys For You
Commentary  |  5/27/2008  | 
Just last week it looked like RIM was ready to hand over its BlackBerry message encryption to the Indian authorities. Now, it seems as if, to quote singer/songwriter Tom Petty, RIM has had a "Change Of Heart."
Do iSCSI-Only Systems Make Sense?
Commentary  |  5/23/2008  | 
When iSCSI first began to appear, there were several companies -- LeftHand Networks, EqualLogic (now owned by Dell), and others -- which developed storage solutions based solely on the protocol. But what these companies had really developed was a storage software solution that probably could have run on any protocol, although they chose iSCSI. My opinion is that this was as mu
Facebook Vulnerable To Serious XSS Attack
Commentary  |  5/23/2008  | 
If you can't trust your friends, who can you trust? On Facebook, you better think before you click that link, a security researcher warns ...
TVA's Scary Security Lapses Have Big Lessons For Small And Midsize Businesses
Commentary  |  5/23/2008  | 
The news that the Tennessee Valley Authority (TVA) -- the largest U.S. public electric utility -- is riddled with security lapses should give pause to cybersecurity watchers and worriers everywhere. And the nature of those lapses should be a reminder to every business in the country.
Connecticut Attorney General Blasts Bank Of New York Mellon
Commentary  |  5/22/2008  | 
It's happened again. Another backup tape with millions of customers' information has gone missing. The tape was lost on Feb. 27, and the Connecticut authorities want to know more.
CompTIA Survey: What Causes Most Breaches Is The Same Thing The Road To Hell Is Paved With
Commentary  |  5/22/2008  | 
Findings from a new survey indicate that most security breaches aren't the result of malicious intent. Problem is, more than a few are the result of good intentions.
Research In Motion May Hand Crypto Keys To Indian Government
Commentary  |  5/21/2008  | 
Apparently, the Indian government can't crack 256-bit encryption to read protected e-mails on RIM BlackBerrys. It appears RIM is willing to lend a hand, by handing over its (your) keys.
An Inconvenient Data Retention Policy
Commentary  |  5/21/2008  | 
I recently met with a client that had a 45-day retention policy for ALL data. I've heard of this kind of policy for e-mail, but I don't recall ever hearing of it for all the data in the enterprise. Is this realistic and can you get away with that short of a data retention policy? Not really, and here's why.
E-Mail Security And Compliance Not Taken Seriously
Commentary  |  5/20/2008  | 
Forget viruses and spam as threats to e-mail. Those are so last century. And phishing attacks tend to take money from those who may not be smart enough to hold onto theirs. I mean, who clicks on an e-mail link and starts entering sensitive financial information? That leaves regulatory compliance, lawsuits, and data leakage as the big threats.
Think Before You Toss: Symantec Security Tips On Computer Disposal
Commentary  |  5/20/2008  | 
Getting rid of old computers gets trickier every day. A Symantec podcast offers three minutes' worth of good advice on how to do so safely.
EMC's Own Not-So-Little World
Commentary  |  5/19/2008  | 
After last night's party, which featured the Goo Goo Dolls, EMC World is in full swing. The morning keynotes said about what you'd expect them to say, talking about the huge growth in stored data and all the value that can be gotten from that data. Then, of course, there was a lot of talk about new products. And while I guess I shouldn't have been surprised, I was disappointed to hear almost nothing about interoperability or standards.
Standalone SRM
Commentary  |  5/19/2008  | 
In a recent briefing with a Storage Resource Management Software manufacturer I heard the quote that I have now heard 1,001 times: "Excel is the No. 1 Storage Resource Management software." People are using Excel to do SRM work more often than specific SRM tools. They are manually inputting storage capacity, storage used, and other storage information into Excel spreadsheets.
Afghan Hijacker Gets Job At Heathrow Airport
Commentary  |  5/19/2008  | 
When the authorities stopped him while he was driving around Terminal 5 (the new one) at Heathrow Airport, they thought he was an unlicensed cab driver. Turns out he is a convicted hijacker working as a cleaner at the airport. There's more ...
Check Point Pushes Virtualized Browser Protection
Commentary  |  5/19/2008  | 
Browser vulnerabilities and threats -- malware, drive-by downloads, etc. -- are fast becoming the new security battleground. A new Check Point Technologies release promises that this will be a new security products battleground too.
Optimizing Primary Storage
Commentary  |  5/16/2008  | 
Data deduplication has done much to optimize disk backup storage, but can those same efforts be successful in primary storage? Primary storage is, of course, different than secondary storage. Any latency can cause problems with applications and users. Thin provisioning, which I wrote about last week, can help a great deal, but once the data is actually written, the space is allocated. How can you make primary storage take up less space?
What's So Bad About An Air Force Botnet?
Commentary  |  5/15/2008  | 
Air Force Col. Charles W. Williamson III proposes the armed service branch ready and deploy a massive global botnet capable of digitally choking our adversaries. Some don't like the idea. I'm wondering why this botnet hasn't been built yet.
Symantec Spam Report: April Was The Cruelest Month
Commentary  |  5/15/2008  | 
Symantec's monthly Spam Report is out, just in time to remind us of what our queues and filters and networks all know -- spam is up and so, most likely, is the blood pressure of everyone who has an e-mail account.
Grand Theft Auto IV Fans Under Assault
Commentary  |  5/14/2008  | 
Identity thieves, creative scourge that they are, are always looking for the most recent trend, craze, news event, or blockbuster hit to pin their phishing and social engineering scams on the unwitting. Now they're targeting the runaway hit Grand Theft Auto IV.
Saving Sun
Commentary  |  5/14/2008  | 
The current poll on InformationWeek's sister site Byte and Switch, "Sun Down," paints a very bleak outlook for Sun storage. The final question, "Do you think they should exit the storage hardware business?" has a surprising 57% say that it should. Can Sun save itself? Probably not, but I can ...
McAfee Spam Experiment Results: Spam Is Bad And There's Lots Of It
Commentary  |  5/14/2008  | 
All spam all the time -- that's what volunteers for McAfee's Global S.P.A.M (Spammed. Persistently. All. Month.) experiment looked for, and that's what they got when they turned in their brand-new, completely unprotected machines and opened themselves to the deluge.
Why Software Stinks
Commentary  |  5/13/2008  | 
Earlier this decade, many universities started adding cybersecurity as part of a well-rounded programming curriculum. Apparently, universities in the U.K. didn't get the memo.
You Think You've Really Destroyed That Data? Take A Look At What Got Recovered From Shuttle Columbia
Commentary  |  5/13/2008  | 
The loss of the Space Shuttle Columbia and its crew in 2003 continues to haunt many of us -- and, unexpectedly, has offered a lesson in the persistence of hard disk data.
Hacker Publishes Personal Data Of Six Million Onto Internet
Commentary  |  5/12/2008  | 
The hacker took the data from several government-run Web sites, then displayed the data for all to see.
Complete Virtualization
Commentary  |  5/12/2008  | 
As the economy slows down and budgets tighten up, once again IT professionals are being asked to do more with less (does anyone remember when you were allowed to do less with more?). How can you tighten up your storage processes one more time? The first technology that I would count on to help is virtualization. For virtualization to truly pay off it must be more than just server virtualization.
Backscatter Spam Spreading, Bouncemail Battle Heats Up
Commentary  |  5/9/2008  | 
Have you been backscatter or bounceback spammed yet? No? Be patient -- if your e-mail address has ever been published on the Web, the odds may be against you.
Data Moveage: How To Move Data And Live To Tell About It
Commentary  |  5/9/2008  | 
In a previous entry I wrote about the importance of moving data from primary storage to another platform. The roadblock is how to move that data from expensive storage to secondary storage. The traditional approach of deploying an agent on every server that monitors all the files and then moves files that haven't been accessed to a lower class of storage hasn't worked well in the enterprise. There are a variety of reasons, but most of the issues are the deployment and management of that many age
Firefox Provides Increased Security Over Internet Explorer? Not So Much.
Commentary  |  5/8/2008  | 
It's been reported that the Firefox Web browser has been distributing a Trojan horse application with the Vietnamese language pack. No one is sure how many users may have unwittingly downloaded the malware.
NFS Saved By VMware?
Commentary  |  5/8/2008  | 
Will NFS become the predominant storage deployment method for VMware implementations? NFS didn't need to be saved, but because of VMware its use has been broadened beyond the traditional Unix implementations. Instead of creating a LUN for each VMware Virtual Disk (VMDK), with NFS you manage multiple VMDK files on a single NFS Volume. This makes sense because VMDKs are files, not actual disks.
The Most Critical Factor To Attaining Organizational Security: You
Commentary  |  5/7/2008  | 
According to a study just released by consulting firm Frost & Sullivan, you -- that's right: you -- may be the most important factor in the security of your organization.
More On Disaster Recovery: Mind The Gaps In Your Plans
Commentary  |  5/7/2008  | 
We've talked a lot here about disaster recovery, and almost as much about planning for disaster recovery. In considering these, it's well worth considering -- and looking for -- any hidden gaps or vulnerabilities that might bring even the best-laid plans to grief.
Data Keepage
Commentary  |  5/7/2008  | 
Your servers are probably bloated with data that is years old and yet despite your retention policy, if you have one, you keep it all. The relatively inexpensive price of disk capacity has made it easier to keep everything on primary disk storage. When you think of primary storage, you think of active data, databases, current documents, e-mail, etc. -- but because of the affordability of storage, it basically also has become the archive. Data is kept on disk, "just in case." It seems easier to s
Security Researchers Find Trove of Stolen Data
Commentary  |  5/6/2008  | 
A server used as a "drop site" for stolen and highly sensitive information has been uncovered by security researchers.
Manhole Covers: Gateways To Terrorism
Commentary  |  5/6/2008  | 
Fear mole-men with bombs. That, more or less, is the message from Manhole Barrier Security Systems, which on Monday warned that cities need to do more to protect against assaults on infrastructure launched by underground attackers.